Overview
Managing roles and permissions in Drata ensures users can perform compliance and administrative tasks securely and efficiently. This article outlines the specific roles and permissions needed to link policies to controls and perform key administrative functions.
Control Manager
Users with the Control Manager role can link existing policies to controls directly from the control drawer on the Controls page.
Note: This role does not provide access to the Policy Center page. If broader access is needed, assign the Policy Manager role in addition.
Policy Manager
Users with the Policy Manager role can:
Access the Policy Center page
Link policies to controls directly from policies or via the control drawer
Admin
Users with the Admin role can:
Perform administrative tasks across Drata
Assign or modify roles, including granting Control Manager or Policy Manager roles
If a user cannot perform a specific action, they likely need additional permissions or a role update from an Admin.
Use Cases / Best Practices
Linking Policies to Controls
While linking policies to controls helps streamline compliance, not all policies are directly tied to a specific control. Consider the following:
Many policies support multiple controls
Policies are often associated with monitoring tests rather than having a 1:1 control relationship
Naming similarities between monitoring tests and controls can indicate linkage